diff --git a/acceptance/tests/security/cve-2013-4761_injection_of_class_names_loading_code.rb b/acceptance/tests/security/cve-2013-4761_injection_of_class_names_loading_code.rb
index f3d3a4115..5ee57a8f3 100644
--- a/acceptance/tests/security/cve-2013-4761_injection_of_class_names_loading_code.rb
+++ b/acceptance/tests/security/cve-2013-4761_injection_of_class_names_loading_code.rb
@@ -1,75 +1,79 @@
 require 'puppet/acceptance/temp_file_utils'
 
 extend Puppet::Acceptance::TempFileUtils
 initialize_temp_dirs
 
 teardown do
   remove_temp_dirs
 end
 
 test_name "CVE 2013-4761 Injection of bad class names causing code loading" do
   confine :except, :platform => 'windows'
 
+  def exploited_path
+    '/tmp/exploited'
+  end
+
   def exploit_path
     '/tmp/exploit.rb'
   end
 
   # @return [String] path to the manifest file
   def create_exploit_manifest(manifest_name, exploit_path_expression)
     create_test_file(master, manifest_name, <<-AUTH)
 $enc_data = '#{exploit_path_expression}'
 include $enc_data
     AUTH
     get_test_file_path(master, manifest_name)
   end
 
   def should_not_be_able_to_exploit(exploit_manifest_path)
     master_opts = {
       'master' => {
         'autosign' => true,
         'manifest' => exploit_manifest_path,
       },
     }
 
     with_puppet_running_on(master, master_opts) do
 
       agents.each do |agent|
         next if agent['roles'].include?('master')
 
         step "Ensure that the exploit marker is gone" do
-          on master, "rm -f #{exploit_path}"
+          on master, "rm -f #{exploited_path}"
         end
 
         step "Request a catalog to trigger the exploit" do
           on agent, puppet('agent', '-t', "--server #{master}"), :acceptable_exit_codes => [1]
         end
 
         step "Check that the exploit marker was not created" do
-          on master, "test ! -e #{exploit_path}"
+          on master, "test ! -e #{exploited_path}"
         end
 
       end
     end
   end
 
   step "Create exploit file" do
     create_remote_file(master, exploit_path, <<-EXPLOIT)
-    ::File.open('#{exploit_path}', 'w') { |f| f.puts("exploited") }
+    ::File.open('#{exploited_path}', 'w') { |f| f.puts("exploited") }
     EXPLOIT
 
     chmod(master, '777', exploit_path)
   end
 
   step "Class name is not interpreted as an absolute path" do
     manifest_file_path = create_exploit_manifest('site.pp', 'tmp::exploit')
     should_not_be_able_to_exploit(manifest_file_path)
   end
 
   step "Class name cannot be used for a directory traversal out of the module path" do
     # This is just a guess about how far back we need to go...
     traversal_exploit_expression = "#{'::..' * 20}#{exploit_path.gsub(File::SEPARATOR,'::')}"
     traversal_manifest_path = create_exploit_manifest('site_traversal.pp', traversal_exploit_expression)
 
     should_not_be_able_to_exploit(traversal_manifest_path)
   end
 end
diff --git a/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb
index a94165076..0e829dd7f 100644
--- a/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb
+++ b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb
@@ -1,38 +1,54 @@
 # Windows doesn't suppoert Facter fqdn properly
 confine :except, :platform => 'windows'
 
 test_name "#7117 Broke the environment criteria in auth.conf"
 
 testdir = create_tmpdir_for_user master, 'env_in_auth_conf'
 
-# add to auth.conf
-add_2_authconf = %q{
+
+apply_manifest_on(master, <<-MANIFEST, :catch_failures => true)
+File {
+  ensure => directory,
+  owner => #{master.puppet['user']},
+  group => #{master.puppet['group']},
+  mode => "0770",
+}
+
+file {
+  "#{testdir}":;
+  "#{testdir}/environments":;
+  "#{testdir}/environments/override":;
+  "#{testdir}/auth.conf":
+    ensure => file,
+    content => "
 path /
 environment override
 auth any
 allow *
+",
+    mode => "0640",
 }
+MANIFEST
 
-step "Create a temp auth.conf"
-create_remote_file master, "#{testdir}/auth.conf", add_2_authconf
-
-on master, "chmod 644 #{testdir}/auth.conf"
-on master, "chmod 777 #{testdir}"
+master_opts = {
+  'main' => { 'environmentpath' => "#{testdir}/environments" },
+  'master' => { 'rest_authconfig' => "#{testdir}/auth.conf" },
+}
 
-with_puppet_running_on master, {'master' => {'rest_authconfig' => "#{testdir}/auth.conf"}}, testdir do
+with_puppet_running_on master, master_opts, testdir do
   agents.each do |agent|
 
     # Run test on Agents
     step "Run agent to upload facts"
     on agent, puppet_agent("--test --server #{master}")
 
     certname = master.is_pe? ?
        agent.to_s :
        on(agent, facter('fqdn')).stdout.chomp
 
     step "Fetch agent facts from Puppet Master"
     on(agent, "curl --tlsv1 -k -H \"Accept: yaml\" https://#{master}:8140/override/facts/#{certname}") do
       assert_match(/--- !ruby\/object:Puppet::Node::Facts/, stdout, "Agent Facts not returned for #{agent}")
     end
   end
 end